You can just as easily lock the data in a safe. If you encrypt the data and lock the key in a safe, what's the difference? There is none.
There is a very real difference. You now only have to protect a very small secret - the key(s)) instead of lots and lots of back up media.
Back up tapes can be sent to an offsite storage place without worrying about data being found if they are stolen. Or they can be kept with a low level of security in the office or in an employees home.
Similarly for a laptop: laptops get stolen. But if the key/password is kept in your wallet/pocket/memory, then the data is a lot more secure, because the password is far less likely to get stolen.
A few keys/long passwords are far easier to keep securely than lots of tapes. A few copies could be made. A copy kept in a safe on site (for ease of access normally). And a copy kept in a security deposit box in a bank - for real catastrophes. Or in more than one place.
There is a trade off between ease of restoration and security of the keys, but it is a lot easier to manage with keys than with tapes.
Finally, it should be hardware based, not software based. Software can always be compromised. If your information is that valuable, then someone will hack it.
This is a real misunderstanding of security and encryption. The point of an encryption algorithm is that you can know the implementation thoroughly, but without the key you cannot decrypt the data.
So for an encrypted hard drive, software is fine. The key is encrypted with a hashed password (or for some schemes the key is a hashed password) - so the encryption is as strong (or as weak) as the password. Whether the encryption is done by software or hardware is irrelevant.
There are a few provisos to this:
The key must never be written to the disk. But most modern OSes support this. (And on Linux, if you are encrypting any partitions, it is trivial to encrypt the swap partition with a random key on start up).
If a laptop was lost and then recovered, you can no longer trust the onboard software to not be modified to save/transmit your password/key.
Incidentally, the strength of encryption being determined by the strength of the password could be a key reason for lack of uptake. Security people don't trust users to use and remember strong passwords. Though the casual thief of a laptop would be defeated by almost anything.
Slashdot Mirror
You can just as easily lock the data in a safe. If you encrypt the data and lock the key in a safe, what's the difference? There is none.
There is a very real difference. You now only have to protect a very small secret - the key(s)) instead of lots and lots of back up media.
Back up tapes can be sent to an offsite storage place without worrying about data being found if they are stolen. Or they can be kept with a low level of security in the office or in an employees home.
Similarly for a laptop: laptops get stolen. But if the key/password is kept in your wallet/pocket/memory, then the data is a lot more secure, because the password is far less likely to get stolen.
A few keys/long passwords are far easier to keep securely than lots of tapes. A few copies could be made. A copy kept in a safe on site (for ease of access normally). And a copy kept in a security deposit box in a bank - for real catastrophes. Or in more than one place.
There is a trade off between ease of restoration and security of the keys, but it is a lot easier to manage with keys than with tapes.
Finally, it should be hardware based, not software based. Software can always be compromised. If your information is that valuable, then someone will hack it.
This is a real misunderstanding of security and encryption. The point of an encryption algorithm is that you can know the implementation thoroughly, but without the key you cannot decrypt the data.
So for an encrypted hard drive, software is fine. The key is encrypted with a hashed password (or for some schemes the key is a hashed password) - so the encryption is as strong (or as weak) as the password. Whether the encryption is done by software or hardware is irrelevant.
There are a few provisos to this:
Incidentally, the strength of encryption being determined by the strength of the password could be a key reason for lack of uptake. Security people don't trust users to use and remember strong passwords. Though the casual thief of a laptop would be defeated by almost anything.